<?php

// validate the form here, start the session etc

if(@$_GET['logout'] == "Y"){
	Header("Location: index.php?logout=Y");
	exit();
}

session_start();

session_register("UserID");
session_register("P_Diddy");

if(isset($_SESSION['UserID']) AND isset($_SESSION['P_Diddy'])){
	// look at the database and check if the login and password are correct
	$sql = "SELECT ID, Password FROM adminlogin WHERE ID='". $_SESSION['UserID'] ."' AND Password='". $_SESSION['P_Diddy'] ."' AND Active='Y'";
	dbConnect($dbname);
	$query = mysql_query($sql);
	if(!$query){
		//echo("<p>Error: ". mysql_error() . "</p>");
		Header("Location: index.php?logout=Y");
		exit();
		
	} else {
		$count = mysql_num_rows($query);
		if($count != 0){			
			
			// can see the page, ok
			
			
		} else {
			Header("Location: index.php?logout=Y");
			exit();
		}
	}
			
} else {
	Header("Location: index.php");
	exit();
}

?>
